Multiple vulnerabilities in NetBSD

Published: 2018-01-02 19:38:14
Severity Low
Patch available YES
Number of vulnerabilities 3
CVSSv2 5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.3 (AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.6 (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
CVSSv3 6.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE ID N/A
CWE ID CWE-264
CWE-20
Exploitation vector Local
Public exploit Not available
Vulnerable software NetBSD
Vulnerable software versions NetBSD 7.1
NetBSD 7.0.2
NetBSD 7.0.1
Show more
Vendor URL NetBSD Foundation, Inc
Advisory type Public

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a missing mask in a syscall in in sys/arch/sparc64/sparc64/compat_13_machdep.c on sparc64 architecture. A local unprivileged user can set privileged bits, such as PSTATE_PRIV in the %pstate register and gain escalated privileges on the system.

Remediation

Install update from vendor's website.

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-001.txt.asc

2) Privilege escalation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error in compat_linux32 when handling GDT on amd64 system in sys/compat/linux32/arch/amd64/linux32_machdep.c. A local unprivileged user can create a condition where a page fault is generated if a segment register is reloaded with a "high" selector, located near the end of the GDT, and gain root access to the system.

Remediation

Install update from vendor's website.

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-001.txt.asc

3) Improper input validation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an input validation error in sys/arch/i386/i386/i386_trap.S (for NetBSD 7.x) or sys/arch/i386/i386/vector.S (for NetBSD 6.x) when the #UD exception handler is implicitly using the %ds register, before it actually initialized it to the kernel value. A local unprivileged user can crash the system.

Remediation

Install update from vendor's website.

External links

http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2018-001.txt.asc

Back to List